Headline
CVE-2023-47251: Vulnerability Lab
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client’s filesystem.
With the Vulnerability Lab, SEC Consult operates its own internal security laboratory, in order to ensure an international know-how advantage over attackers in the areas of network and application security. In addition, this facility serves the support with high-quality penetration tests and with the evaluation of new technologies and is at the service of our customers. Thus, they receive the latest information about security gaps and valid statements about the risk profile of new technologies.
Our Vulnerability Lab follows a Responsible Disclosure Policy which aims to provide vendors with the necessary information and timeframe needed to validate and fix a security flaw in order to mutually coordinate the public release of a security advisory as part of our responsible disclosure process. This document also clarifies the extent and limitation of effort the SEC Consult Vulnerability Lab will invest. It can be found here.
Here you find all our studies and whitepapers.
You can reach our Vulnerability Lab through security-research(at)sec-consult.com. The PGP key with fingerprint F9A9D4AF3DC2D298835090252D2DD7B5C6EE883F can be downloaded here.
- All
- 2023
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
- 2014
- 2013
- 2012
- 2011
- 2010
- 2009
- 2008
- 2007
- 2006
- 2005
- 2004
- 2003
22. Nov 2023
05. Oct 2023
27. Sep 2023
25. Sep 2023
18. Sep 2023
29. Aug 2023
05. Jul 2023
03. Jul 2023
28. Jun 2023
27. Jun 2023
17. May 2023
16. May 2023
15. May 2023
02. May 2023
06. Mar 2023
Related news
m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities.